Snort alert tail...

Carel Fellinger carel.fellinger at iae.nl
Sun Jun 16 19:52:50 EDT 2002


On Sun, Jun 16, 2002 at 03:51:45PM +0300, Jan-Eric wrote:
> Hello!
> I'm trying to write a dynamic firewall script in python that scans the Snort 
> alert file like 'tail -f' and takes action based on the information it gets 
> from that file. But I can't get the 'tail' function to work. It reads the 
> file, but any new information that Snort is writing to the file doesn't 
> show up to the script.
> 
> ex.
> file = open('/var/log/snort', 'r')
> while 1:
>         file = file.read()
>         print file

I expect you're getting exceptions here, or you don't show the real code.
The line `file = file.read()' turns your file object into a string object
and that string object doesn't have a read method, so the next round in
the while loop should raise an exception.

Others showed you more complete ways of achieving this, but the following
might work for you too:

   import time

   f = open('/var/log/snort')
   while 1:
       data = f.read()
       if data:
           print "GOT DATA:", `data`
       else:
           # nothing new yet: pause so the writer can add to the log
           time.sleep(1)


I left out the second argument in the open call as it defaults to "r".
I prefer to use f instead of file as file is a builtin (aka open) in
newer Pythons. And finally, it's advisable to pause after reading
nothing from the log file to let others fill the logfile again.

-- 
groetjes, carel
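
The read-then-sleep loop from the reply above, carried further as an added example that is not part of the original thread: it returns only complete lines (Snort may be mid-write when read() returns) and keeps following when the alert file is rotated or truncated. It is written for Python 3; the names Tailer, poll and follow are hypothetical, and inode comparison assumes a POSIX filesystem.

```python
import os
import time


class Tailer:
    """Hypothetical helper: follow a growing log, yielding whole lines only."""

    def __init__(self, path, from_start=False):
        self.path = path
        self._buf = b""  # bytes of a line the writer has not finished yet
        self._open(from_start)

    def _open(self, from_start):
        self._f = open(self.path, "rb")
        self._inode = os.fstat(self._f.fileno()).st_ino
        if not from_start:
            self._f.seek(0, os.SEEK_END)  # like tail -f: skip old alerts

    def _drain(self):
        self._buf += self._f.read()  # b"" at EOF; works again after growth
        *done, self._buf = self._buf.split(b"\n")
        return [line.decode("utf-8", "replace") for line in done]

    def poll(self):
        lines = self._drain()
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return lines  # mid-rotation: keep the old handle for now
        if st.st_ino != self._inode:
            # Rotated: old handle is drained, switch to the new file.
            self._f.close()
            self._buf = b""
            self._open(from_start=True)
            lines += self._drain()
        elif st.st_size < self._f.tell():
            # Truncated in place: start again from the top.
            self._f.seek(0)
            self._buf = b""
            lines += self._drain()
        return lines


def follow(path, interval=1.0):
    tailer = Tailer(path)
    while True:
        lines = tailer.poll()
        yield from lines
        if not lines:
            time.sleep(interval)  # pause so the writer can add to the log
```

Iterating over follow() with the alert file's path gives one alert line per iteration. An unfinished final line in a rotated-away file is discarded rather than glued onto the first line of the new file.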





